This circular establishes the policies and responsibilities for the Implementation and Usage of the Enterprise Directory Service [which will use the Lightweight Directory Access Protocol (LDAP)] by the Department of Health and Human Services (HHS) and its Agencies.

The American public relies on the U.S. Department of Health and Human Services (HHS) to administer a broad range of approximately 300 Federal program activities. Together with its many service partners, HHS delivers $238 billion dollars of health care services annually to 62 million people through its Medicare, Medicaid and Indian Health Service Programs. HHS also plays a vital role in ensuring safety, efficacy, and appropriate use of health care products; controlling disease and promoting health; advancing biomedical research; and assisting the poor. HHS’ service partners include States, universities, contractors and not-for-profit organizations. Together these activities are vital to the health and well being of the American Public, especially the elderly, children, and the poor. Taking account of private and public spending, the health sector constitutes a significant segment of the overall U.S. economy and looks toward the HHS to lead the future direction of these vital health activities.

In order to become more compliant with Federal regulations, the HHS will implement an Enterprise Directory Service. The HHS centralized enterprise directory will be used to manage access rights of its internal personnel, business partners and customers.

An electronic directory server provides access to information via electronic means. This information is variable in content, however it is explicitly defined by the directory purpose. Information about people, organizations, services and network hardware are just a few examples of the data content that a directory service can provide.

Electronic mail communication benefits from the existence of a global electronic "White Pages" because these "White Pages" allow network users to retrieve address information in an intuitive fashion. Manual searching for names and addresses, specifically electronic addresses, can take a great deal of time. A "White Pages" directory service permits network users to retrieve the addresses in a user friendly way, using known variables such as common name, surname, and organization to facilitate various levels of searches.

The Enterprise Directory is a global service comprised of independently operated and distributed Directory Service Agents (DSAs) that provide information in the form of a "White Pages" Telephone Directory. An Enterprise Directory service provides a common access point for this distributed information, and is generally configured to make access to the information sought intuitive and easy.

The Enterprise Directory Model is a distributed collection of independent systems that cooperate to provide a logical database of information to provide a global Directory Service. Directory information about a particular organization is maintained locally in a DSA. This information is structured. It is possible for one organization to keep information about other organizations, and it is possible for an organization to operate independently from the global model as a stand-alone system. DSAs that operate within the global model have the ability to exchange information with other DSAs by means of a common protocol.

Lightweight Directory Access Protocol (LDAP) is a common protocol used for client-to-server communication. LDAP defines a standard method for accessing and updating information in a directory.

4.2.1 The HHS Enterprise Directory architecture shall be that of a single logical Departmental Directory all emanating from the root domain.

4.2.2 By implementing an LDAP-enabled Directory, OPDIV’s Directory Managers shall be able to control what is shared and viewable across the global directory.

4.2.3 Security and independence of the OPDIV domains is recognized to be critical to the success of the HHS Enterprise Directory. Each OPDIV’s Directory Manager shall have the ability to update its branch or portion of the global directory. The OPDIVs shall possess read-only rights to information not under their sole-ownership. Changes to OPDIV’s information residing in the global directory shall be done only through prior approval by the OPDIV to which the information belongs. The Enterprise Directory Manager shall have the responsibility to make updates to the directory following the OPDIV’s approval.

The CIO is responsible for providing advice and assistance to the Secretary and other senior management personnel, to ensure that information technology is acquired and information resources are managed for the agency in a manner that implements the policies and procedures of the HHS Enterprise Directory.

The CIO is responsible for approving any Directory implementation by HHS OPDIVs.

The DASIRM is responsible for defining, implementing and managing HHS directory policy decisions. The DASIRM is also responsible for certification and accreditation of the global directory implementation and has responsibility for the oversight of all directory operations. The DASIRM will provide lead support in the development and implementation of the HHS Enterprise Directory. The DASIRM is responsible for the appointment of the Enterprise Directory Manager. The DASIRM is also responsible for assuring that proper and reliable operations of the Enterprise Directory are maintained, and for seeing that proper LDAP policies and directives are in place.

The OPDIV CIOs shall be responsible for assuring that directory implementation is performed in accordance with the policy of the DASIRM. The OPDIV CIOs provide planning guidance to, and oversight of the directory infrastructure, and direct the activity of the OPDIV’s Directory Manager.

The OPDIV CIOs have overall responsibility for assuring that proper and reliable operations of the OPDIV Directories are maintained, and for seeing that the policies and directives of the DASIRM are carried out. They are responsible for establishing and approving detailed operating procedures. Responsibilities of the OPDIV CIOs include oversight of:

Developing, maintaining currency, and publication of the Directory Policy

The Enterprise Directory Manager operates the HHS Enterprise Directory on a day-to-day basis and assures that it is functioning properly, that all procedures and safeguards are being followed, and that any operational errors, anomalies, and breeches of policy and procedure are addressed promptly and properly. The Enterprise Directory Manager institutes and consistently follows operational procedures that promote reliability and trust.

The Enterprise Directory Manager is responsible for developing and maintaining plans, policies and procedures pertaining to operation of the Directory and the overall operation of the Enterprise Directory Network.

In accordance with direction from the Enterprise Directory Manager, the OPDIV Directory Manager operates the directory on a day-to-day basis and assures that it is functioning properly, that all procedures and safeguards are being followed, and that any operational errors, anomalies, and broaches of policy and procedure are addressed promptly and properly. The OPDIV Directory Manager institutes and consistently follows operational procedures that promote reliability and trust.

The OPDIV Directory Manager is responsible for developing and maintaining plans, policies and procedures pertaining to operation of the directory and the overall operation of the Enterprise Directory Network.

The OPDIV Directory Manager shall work in coordination with the Enterprise Directory Manager.